Mapping existing API calls to Ecosyte.ms API
Opened this issue · 0 comments
lirantal commented
| Marshall / Capability | Existing API | Fields | Ecosyte.ms API | Fields | Notes |
|---|---|---|---|---|---|
| Age: package maturity on registry | http://registry.npmjs.org/<package> |
time, time.created |
https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/safe-regex2 |
||
created_at |
Compares the time the package was created to the time the requested package version to install was created | ||||
| Author | http://registry.npmjs.org/<package-name> |
versions[packageVersion]._npmUser, versions[packageVersion]._npmUser.email, is the email valid? |
TBD | TBD | Author exists? is it the first time they published it? Core capability is identifying author information for the person who published a package@version |
| Downloads count | https://api.npmjs.org/downloads/point/last-month/<package> |
TBD | https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/safe-regex2 |
downloads and downloads_period set to last-month being monthly |
None |
| README | http://registry.npmjs.org/<package> |
readme |
https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/safe-regex2 |
repo_metadata.metadata.files.readme and repo_metadata.html_url for the repository URL |
None |
| Repo | http://registry.npmjs.org/<package> |
versions, dist-tags.latest |
https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/safe-regex2 |
repository_url |
Verifies a source code repository exists for this package as part of the |
| Scripts | http://registry.npmjs.org/<package> |
versions[<version>].scripts |
TBD | TBD | Checks whether run-scripts are defined for this package |
| Snyk | https://snyk.io/api/v1/vuln/npm, https://snyk.io/test/npm and https://snyk.io/vuln/npm: |
TBD | Not required | Not required | Continue to depend on Snyk APIs |
| License | http://registry.npmjs.org/<package> |
license |
TBD | TBD | Ensure a license is specified for this package |
| Expired domains | http://registry.npmjs.org/<package> |
TBD | TBD | TBD | See notes about for identifying author information and use that to extract email addresses and test them for expiration. Emails are tested by resolving the email DNS records |
| Signatures | uses pacote dependency |
None | TBD | TBD | Ensures npm keys are matched for package |
| Provenance | uses pacote dependency |
None | TBD | TBD | None |
Enriching with more metadata from Ecosyste.ms that we can integrate with:
- Package data (
https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/safe-regex2) has:rankingsfor downloads ratios,dependent_packages_count- deprecated shows up in
statusfield either null (not deprecated) or set todeprecatedstring maintainerskey has a list of maintainer objects with theiruuid,login,emailand alsopackages_countas well ascreated_at